• Poutinetown
    2 months ago

    SSH behind a WireGuard VPN server is technically more secure if you don’t have a key-only login, but it’s a pain if the container goes down or if you need to access the server without access to WireGuard’s VPN client on your device.

    • Lem453
      2 months ago

      Highly recommend getting a router that can accept WireGuard connections. If the router goes down, you’re not accessing anything anyways.

      Then always put SSH behind the WireGuard connections.

      For a homelab, there is rarely a need to expose SSH directly, so best practice will always be to have multi-layered security when possible.
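
Added example, not part of the thread: one way to check that sshd is bound only inside the WireGuard tunnel, as the comment above recommends, by parsing `ss -tlnH` output. The sample output, the function name and the 10.8.0.0/24 tunnel subnet are constructed assumptions; a host that keeps sshd on a wildcard address and restricts it with a firewall instead will be reported here and needs its firewall rules checked separately.

```python
import ipaddress

# Constructed sample of `ss -tlnH` output (not from a real host).
SAMPLE_SS = """\
LISTEN 0 128    0.0.0.0:22     0.0.0.0:*
LISTEN 0 128   10.8.0.1:22     0.0.0.0:*
LISTEN 0 4096 127.0.0.1:8080   0.0.0.0:*
LISTEN 0 128       [::]:22        [::]:*
"""


def ssh_listeners_outside_tunnel(ss_output, tunnel_net, port=22):
    """Return local addresses where `port` listens outside the tunnel subnet.

    tunnel_net is the WireGuard subnet (assumed value: 10.8.0.0/24).
    Loopback listeners are accepted; wildcard binds are always reported.
    Sockets are judged by address only, not by any %interface suffix.
    """
    net = ipaddress.ip_network(tunnel_net)
    exposed = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        # Local address column looks like 10.8.0.1:22, [::]:22 or *:22.
        addr, _, local_port = fields[3].rpartition(":")
        if local_port != str(port):
            continue
        addr = addr.split("%")[0].strip("[]")
        if addr == "*":
            exposed.append(addr)
            continue
        ip = ipaddress.ip_address(addr)
        if ip.is_unspecified or not (ip.is_loopback or ip in net):
            exposed.append(addr)
    return exposed


if __name__ == "__main__":
    for addr in ssh_listeners_outside_tunnel(SAMPLE_SS, "10.8.0.0/24"):
        print(f"sshd is listening outside the tunnel on {addr}")
```

On a real host, pass the output of `ss -tlnH` and the subnet configured on the WireGuard interface.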

      • Poutinetown
        2 months ago

        Yeah, it’s good to have a system separate from the main server. It’s always so frustrating having to debug WireGuard issues ’cause there’s some problem with Docker.